404 matches found
CVE-2011-4337
The CVE affects Support Incident Tracker (SiT!) versions 3.45–3.65, where translate.php contains a static code injection flaw. An attacker can supply a crafted lang parameter to inject arbitrary PHP code into an executable language file within the i18n directory. The provided documents do not spe...
CVE-2011-4337
Static code injection vulnerability in translate.php in Support Incident Tracker aka SiT! 3.45 through 3.65 allows remote attackers to inject arbitrary PHP code into an executable language file in the i18n directory via the lang variable...
Code injection
Static code injection vulnerability in inc/function.base.php in Ajax File and Image Manager before 1.1, as used in tinymce before 1.4.2, phpMyFAQ 2.6 before 2.6.19 and 2.7 before 2.7.1, and possibly other products, allows remote attackers to inject arbitrary PHP code into data.php via crafted...
CVE-2011-4825
CVE-2011-4825 describes a static code injection vulnerability in the file inc/function.base.php of the Ajax File and Image Manager (used in various products). The flaw allows remote attackers to inject arbitrary PHP code into the file data.php via crafted parameters. Affected versions include Aja...
CVE-2011-4825
Static code injection vulnerability in inc/function.base.php in Ajax File and Image Manager before 1.1, as used in tinymce before 1.4.2, phpMyFAQ 2.6 before 2.6.19 and 2.7 before 2.7.1, and possibly other products, allows remote attackers to inject arbitrary PHP code into data.php via crafted...
Code injection
Static code injection vulnerability in install.php in e107 CMS 0.7.24 and probably earlier versions, when the installation script is not removed, allows remote attackers to inject arbitrary PHP code into e107config.php via a crafted MySQL server name...
CVE-2011-1513
The CVE-2011-1513 entry concerns e107 CMS prior to 0.7.24 where the installation script is not removed, enabling a remote attacker to inject PHP via a crafted MySQL server name and overwrite e107_config.php. Core Security’s advisory CORE-2011-0810 documents OS command injection with code executio...
CVE-2011-1513
Static code injection vulnerability in install.php in e107 CMS 0.7.24 and probably earlier versions, when the installation script is not removed, allows remote attackers to inject arbitrary PHP code into e107config.php via a crafted MySQL server name...
Mandriva Update for phpmyadmin MDVSA-2011:124 (phpmyadmin)
The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
CVE-2011-2506
setup/lib/ConfigGenerator.class.php in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly restrict the presence of comment closing delimiters, which allows remote attackers to conduct static code injection attacks by leveraging the ability to modify the SESSION superglobal...
CVE-2011-2506
setup/lib/ConfigGenerator.class.php in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly restrict the presence of comment closing delimiters, which allows remote attackers to conduct static code injection attacks by leveraging the ability to modify the SESSION superglobal...
phpMyAdmin 3.x Multiple Remote Code Executions
No description provided by source. File: libraries/auth/swekey/swekey.auth.lib.php Lines: 266-276 Patched in: 3.3.10.2 and 3.4.3.1 Type: Variable Manipulation Assigned CVE id: CVE-2011-2505 PMA Announcement-ID: PMASA-2011-5 266 if strstr$SERVER'QUERYSTRING','sessiontounset' != false 267 268...
phpMyAdmin 3.x Remote Code Execution
phpMyAdmin 3.x Multiple Remote Code Executions This post details a few interesting vulnerabilities I found while relaxing and reading the sourcecode of phpMyAdmin. My original advisory can be found here. If you would like me to audit your PHP project, check out Xxor's PHP code auditing service. T...
Microsoft Source Code Analyzer for SQL Injection 1.3 Improper Permissions
Exploit for windows platform in category local exploits Vendor: Microsoft Corp. Product web page: http://www.microsoft.com Affected version: 1.3.30601.30705 summary: Microsoft Source Code Analyzer for SQL Injection is a static code analysis tool for finding SQL Injection vulnerabilities in ASP...
Microsoft Source Code Analyzer for SQL Injection 1.3 Improper Permissions
Summary Microsoft Source Code Analyzer for SQL Injection is a static code analysis tool for finding SQL Injection vulnerabilities in ASP code. Customers can run the tool on their ASP source code to help identify code paths that are vulnerable to SQL Injection attacks. Description The package...
CVE-2011-0635
Static code injection vulnerability in Simploo CMS 1.7.1 and earlier allows remote authenticated users to inject arbitrary PHP code into config/custom/base.ini.php via the ftpserver parameter FTP-Server field to the sicore/updates/optionssav operation for index.php...
Code injection
Static code injection vulnerability in Simploo CMS 1.7.1 and earlier allows remote authenticated users to inject arbitrary PHP code into config/custom/base.ini.php via the ftpserver parameter FTP-Server field to the sicore/updates/optionssav operation for index.php...
CVE-2011-0635
Static code injection vulnerability in Simploo CMS 1.7.1 and earlier allows remote authenticated users to inject arbitrary PHP code into config/custom/base.ini.php via the ftpserver parameter FTP-Server field to the sicore/updates/optionssav operation for index.php...
CVE-2011-0635
CVE-2011-0635 affects Simploo CMS 1.7.1 and earlier. The vulnerability is a static code injection flaw where remote authenticated users can inject arbitrary PHP into config/custom/base.ini.php via the ftpserver parameter (FTP-Server field) to the sicore/updates/optionssav operation of index.php. ...
Статические анализаторы php. Мини-обзор
С течение времени мы все чаще и чаще можем видеть появление новых систем управления контентом CMS: форумов, блогов, шопов, социальных сетей, и т.д. и т.п. Многие из них, в силу некомпетентности или недостаточного уровня профессионализма их разработчиков, имеют в коде уязвимые места, позволяющие...